On Wed, 18 Aug 2004, Allen Akin wrote:
> Apparently, several days ago pobox.com (which I use as a forwarding
> agent) turned on the Sender Rewriting System (SRS), which is related to
> the SPF project.
>
> I've just discovered that as a result, a lot of mail to me is being
> challenged that wasn't being challenged before, and individual
> confirmations are no longer working properly. As far as I can tell,
> here's what's happening.
TMDA should not be using the return-path (envelope sender) for indentifying the
sender. The return-path is just that - a return path used for bounces only.
It is not necessarily the same for the same sender even without SRS (or SES or
VERP or ...).
Delivering the challenge via the return path is reasonable - the challenge
is after all a delivery notice, exactly what the return-path is intended for.
However, the senders identity is better represented by the From: header (or
perhaps the PRA algorithm getting hashed out in the sender-ID forums - which
essentially looks at several RFC2822 headers in turn like Sender:, From:, etc
to determine the Purported Responsible Agent).
> I suspect a real fix requires new functionality in TMDA. Does anyone in
> the developer community have any advice?
Yes. TMDA is apparently using return-path incorrectly. The RFC2821 headers
are used for delivery. RFC2822 headers should be used to indentify the
sender. Note that SPF authenticates the RFC2821 headers only (useful
because this tells you who is responsible for the mail showing up
at your machine). There are various schemes in the works for authenticating
RFC2822 headers (sender-ID, Domain Keys), but TMDA should procede as it
always has. It has just been using the wrong header to identify the sender.
As far as new functionality - TMDA might find it useful to associate
the RFC2821 domain with the sender. I.e., the key to the challenge
database could be ([EMAIL PROTECTED],forwarder.com).
--
Stuart D. Gathman <[EMAIL PROTECTED]>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
